Summary
This host is running HP System Management Homepage (SMH) and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to perform clickjacking attacks, perform Cross-Site Request Forgery attacks, or execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to HP System Management Homepage (SMH) 7.4 or later. For updates refer to http://h18013.www1.hp.com/products/servers/management/agents/index.html
Insight
Multiple flaws exist due to:
- HTTP requests to certain scripts do not require multiple steps, explicit confirmation, or a unique token when performing sensitive actions.
- The application does not validate user-supplied input.
- An unspecified error.
Affected
HP System Management Homepage (SMH) before version 7.4
Detection
Get the installed version of HP SMH with the help of the detect NVT and check whether it is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-2640, CVE-2014-2641, CVE-2014-2642
- CVSS Base Score: 6.0
- CVSS Base Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Struts Cross Site Scripting Vulnerability